Package: sweethome3d
Version: 4.3+dfsg-2
Severity: serious

I've only tested 4.3+dfsg-2 (through Ubuntu 14.04), but I see nothing in changelogs to suggest that this behaviour has changed more recently.

By default, sweethome3d calls home by making an HTTP request to http://www.sweethome3d.com/SweetHome3DUpdates.xml. This is a privacy leak. It is configurable once the program is started, however.

Expected behaviour: in Debian, this should be patched to be turned off by default.

Serious severity justification: I cannot find a reference, but I believe that this is frowned upon enough in Debian to make the package unfit for release. If I'm wrong, I'm happy to be corrected.

Thanks,

Robie
__ This is the maintainer address of Debian's Java team <http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-java-maintainers>. Please use debian-j...@lists.debian.org for discussions and questions.